Pages

Tuesday, April 17, 2012

If you’re a Linux user, you’ve probably seen references to both sudo and su. Articles here on How-To Geek and elsewhere instruct Ubuntu users to use sudo and other Linux distributions’ users to use su, but what’s the difference?

Sudo and su are two different ways to gain root privileges. Each functions in a different way, and different Linux distributions use different configurations by default.

The Root User

Both su and sudo are used to run commands with root permissions. The root user is basically equivalent to the administrator user on Windows – the root user has maximum permissions and can do anything to the system. Normal users on Linux run with reduced permissions – for example, they can’t install software or write to system directories.

To do something that requires these permissions, you’ll have to acquire them with su or sudo.

Su vs. Sudo

The su command switches to the super user – or root user – when you execute it with no additional options. You’ll have to enter the root account’s password. This isn’t all the su command does, though – you can use it to switch to any user account. If you execute thesu bob command, you’ll be prompted to enter Bob’s password and the shell will switch to Bob’s user account.

Once you’re done running commands in the root shell, you should type exit to leave the root shell and go back to limited-privileges mode.

Sudo runs a single command with root privileges. When you execute sudo command, the system prompts you for your current user account’s password before running commandas the root user. By default, Ubuntu remembers the password for fifteen minutes and won’t ask for a password again until the fifteen minutes are up.

This is a key difference between su and sudo. Su switches you to the root user account and requires the root account’s password. Sudo runs a single command with root privileges – it doesn’t switch to the root user or require a separate root user password.

Ubuntu vs. Other Linux Distributions

The su command is the traditional way of acquiring root permissions on Linux. The sudo command has existed for a long time, but Ubuntu was the first popular Linux distribution to go sudo-only by default. When you install Ubuntu, the standard root account is created, but no password is assigned to it. You can’t log in as root until you assign a password to the root account.

There are several advantages to using sudo instead of su by default. Ubuntu users only have to provide and remember a single password, whereas Fedora and other distributions require you create separate root and user account passwords during installation.

Another advantage is that it discourages users from logging in as the root user – or using su to get a root shell – and keeping the root shell open to do their normal work. Running fewer commands as root increases security and prevents accidental system-wide changes.

Distributions based on Ubuntu, including Linux Mint, also use sudo instead of su by default.

A Few Tricks

Linux is flexible, so it doesn’t take much work to make su work similarly to sudo – or vice versa.

To run a single command as the root user with su, run the following command:

su -c ‘command’

This is similar to running a command with sudo, but you’ll need the root account’s password instead of your current user account’s password.

To get a full, interactive root shell with sudo, run sudo –i.

You’ll have to provide your current user account’s password instead of the root account’s password.

Enabling the Root User in Ubuntu

To enable the root user account on Ubuntu, use the following command to set a password for it. Bear in mind that Ubuntu recommends against this.

sudo passwd root

Sudo will prompt you for your current user account’s password before you can set a new password. Use your new password to log in as root from a terminal login prompt or with the su command. You should never run a full graphical environment as the root user – this is a very poor security practice, and many programs will refuse to work.

Adding Users to the Sudoers File

Only administrator-type accounts in Ubuntu can run commands with sudo. You can change a user account’s type from the User Accounts configuration window.

Ubuntu automatically designates the user account created during installation as an administrator account.

If you’re using another Linux distribution, you can grant a user permission to use sudo by running the visudo command with root privileges (so run su first or use su -c).

Add the following line to the file, replacing user with the name of the user account:

user ALL=(ALL:ALL) ALL

Press Ctrl-X and then Y to save the file. You may also be able to add a user to a groupspecified in the file. Users in the groups specified in the file will automatically have sudo privileges.

Graphical Versions of Su

Linux also supports graphical versions of su, which ask for your password in a graphical environment. For example, you can run the following command to get a graphical password prompt and run the Nautilus file browser with root permissions. Press Alt-F2 to run the command from a graphical run dialog without launching a terminal.

gksu nautilus

The gksu command also has a few other tricks up its sleeve – it preserves your current desktop settings, so graphical programs won’t look out of place when you launch them as a different user. Programs such as gksu are the preferred way of launching graphical applications with root privileges.

Gksu uses either a su or sudo-based backend, depending on the Linux distribution you’re using.